Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,408 matching records.
Displaying matches 1,821 through 1,840.
Vuln ID Summary CVSS Severity
CVE-2018-10309

The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.

Published: April 23, 2018; 10:29:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-10301

Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post.

Published: April 23, 2018; 2:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-10300

Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio.

Published: April 23, 2018; 2:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-10234

Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page.

Published: April 23, 2018; 10:29:01 AM -0400
V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-10233

The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.

Published: April 23, 2018; 10:29:01 AM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-7747

Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.

Published: April 20, 2018; 5:29:00 PM -0400
V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-10110

D-Link DIR-615 T1 devices allow XSS via the Add User feature.

Published: April 18, 2018; 5:29:00 PM -0400
V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-0562

Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Published: April 16, 2018; 10:29:00 AM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2018-10102

Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.

Published: April 16, 2018; 5:58:09 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-10101

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.

Published: April 16, 2018; 5:58:09 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2018-10100

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.

Published: April 16, 2018; 5:58:09 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2018-6935

PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php.

Published: April 12, 2018; 6:29:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-6934

CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3.

Published: April 12, 2018; 6:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-6904

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action.

Published: April 12, 2018; 6:29:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-6903

PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.

Published: April 12, 2018; 6:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 4.0 MEDIUM
CVE-2018-6902

PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action.

Published: April 12, 2018; 6:29:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-6900

PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page.

Published: April 12, 2018; 6:29:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-6879

PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.

Published: April 12, 2018; 6:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 4.0 MEDIUM
CVE-2018-6870

Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature.

Published: April 12, 2018; 6:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-6412

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

Published: April 12, 2018; 5:29:00 PM -0400
V3.0: 8.1 HIGH
V2.0: 5.0 MEDIUM